HPE Aruba Networking (previously Aruba Networks) has released security updates to deal with critical flaws impacting ArubaOS that could consequence in distant code execution (RCE) on affected techniques.
Of the 10 security problems, 4 are rated critical in severity –
- CVE-2024-26304 (CVSS rating: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Company Accessed by way of the PAPI Protocol
- CVE-2024-26305 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Utility Daemon Accessed through the PAPI Protocol
- CVE-2024-33511 (CVSS rating: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Automated Reporting Assistance Accessed by means of the PAPI Protocol
- CVE-2024-33512 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the Local User Authentication Database Accessed by using the PAPI Protocol
A risk actor could exploit the aforementioned buffer overflow bugs by sending specifically crafted packets destined to the Process Application Programming Interface (PAPI) UDP port (8211), therefore getting the capability to execute arbitrary code as a privileged consumer on the underlying functioning method.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
The vulnerabilities, which effects Mobility Conductor (previously Mobility Learn), Mobility Controllers, and WLAN Gateways and SD-WAN Gateways managed by Aruba Central, are current in the adhering to program versions –
- ArubaOS 10.5.1. and below
- ArubaOS 10.4.1. and down below
- ArubaOS 8.11.2.1 and down below, and
- ArubaOS 8.10..10 and down below
They also affect the ArubaOS and SD-WAN program versions that have arrived at close of servicing status –
- ArubaOS 10.3.x.x
- ArubaOS 8.9.x.x
- ArubaOS 8.8.x.x
- ArubaOS 8.7.x.x
- ArubaOS 8.6.x.x
- ArubaOS 6.5.4.x
- SD-WAN 8.7..-2.3..x, and
- SD-WAN 8.6..4-2.2.x.x
A security researcher named Chancen has been credited with identifying and reporting seven of the 10 issues, together with the four critical buffer overflow vulnerabilities.
Customers are advised to utilize the most up-to-date fixes to mitigate opportunity threats. As momentary workarounds for ArubaOS 8.x, the enterprise is recommending that consumers empower the Enhanced PAPI Security aspect employing a non-default crucial.
Observed this article interesting? Follow us on Twitter and LinkedIn to browse much more exceptional content we put up.
Some areas of this post are sourced from:
thehackernews.com